Hackers Focusing on Small & Medium-Sized Practices

During the past twelve months the number of cyberattacks registered against healthcare entities has spiked sharply, with healthcare groups becoming a focus of Advanced Persistent Threat (APT) actors and ransomware collectives. These campaigns often result in large healthcare groups having large amounts of Protected Health Information (PHI) stolen in ransomware attacks. There has also been noticeable growth in attacks on small- to medium-sized healthcare centers, and in breaches of the Health Insurance Portability and Accountability Act (HIPAA) occurring as a result.

Large healthcare organizations, while certainly a valuable target for cybercriminals, are not the easiest target due to the considerable amounts of money these firms invest in cybersecurity measures. Infiltrating these databases to steal information can prove complicated and time consuming. Small and medium-sized practices are a much easier target as they typically do not have the same amount of money to invest in cybersecurity measures while they also hold massive amounts of sensitive data.

Along with hardware and software measures, smaller practices tend to neglect staff HIPAA training and refresher classes as a weapon in the fight against cybercriminal activity. Such measures are easily disregarded because those responsible for implementing them do not believe they are an attractive target for malware and ransomware groups, when the opposite is actually the case. That neglect only increases the willingness of cybercriminals to target them for an easier profit.


Cyberattacks on Small- & Medium-Sized Healthcare Groups Increasing

A recently published report by the CTI League identified the main emerging threats to the healthcare sector. In the last quarter of 2020, its analysts recorded a significant rise in cyberattacks on the healthcare industry. The report stated: “From October to December the CTI League observed a dramatic uptick in focused attacks against healthcare entities, particularly small and medium sized hospitals and clinics, which impacted clinical workflows at hundreds of healthcare providers.”

Ransomware response company Coveware also produced research (see graph below) showing that:

  • Cyberattacks on small to mid-sized healthcare organizations have been growing, with data for Q3 2020 indicating that 70% of ransomware campaigns targeted groups with fewer than 1,000 employees.
  • During Q4 2020, 65.9% of these attacks targeted small (30.2%) and medium (35.7%) sized companies.
  • The Ryuk and Sodinokibi ransomware groups still focus on large enterprises; however, smaller operations such as the Dharma, Snitch, and Netwalker ransomware campaigns are focused firmly on small- to medium-sized entities.

Q4, 2020 Ransomware Attacks. Source: Coveware

The access controls typical of small- and medium-sized groups are not as strong as those of larger groups, which makes it easier to infiltrate their networks and databases. These groups are also much less likely to have configured dependable backup systems or conducted adequate HIPAA training for staff.

This means that data recovery without paying the ransom is often close to impossible. Even where backups exist, they frequently do not cover all of the relevant networks and databases, and file recovery may never have been tested. On top of this, it is quite common for network segmentation to have been disregarded as a security tactic, so a single compromised workstation can reach every system on the network.

What Steps Can Small- & Medium Sized Healthcare Groups Take to Stop Cyberattacks?

Identifying the correct types of cybersecurity measures to implement in order to stop cyberattacks from infiltrating your group is not a straightforward task. Your main focus should be on a range of small changes which together substantially raise the cost of an attack on your databases. Here we have listed some measures you can implement to tackle phishing, RDP compromise and a shortfall in HIPAA training:

  1. Phishing: Conduct security awareness training to educate your workforce about cyber threats and how to spot them. Enforce strong passwords together with 2-factor authentication on every username-and-password system on your network.
  2. RDP compromise: Change the default port and set a maximum number of log-in attempts before automatic lock-out is activated; the lock-out is what actually stops brute-force attempts, since changing the port only reduces noise from automated scanners. Apply patches and security updates promptly to address known security flaws. Ensure that the staff responsible for these tasks also undergo regular HIPAA training and refresher courses so that it remains at the forefront of their thinking when allocating time to specific projects.
  3. The Importance of HIPAA Training: As indicated in both of the points above, HIPAA training is the single most important security measure for small- to medium-sized practices to put in place. The most important part of any network and its security solution is its users. All of the strongest cybersecurity measures available will count for absolutely nothing if the technology is not being used correctly by individuals who are not fully aware of their obligations under HIPAA.
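The RDP measures in point 2 can be applied in a few commands on a Windows host. The following script is an added example and is not part of the original article; the port number (3390), the lockout thresholds and the management subnet (10.10.5.0/24) are assumed values that you should replace with your own. It must be run from an elevated PowerShell session, and the final service restart will drop any RDP session you are running it from, so run it from the console or a remote management channel.

```powershell
# Added example: hardening RDP on a single Windows host against brute-force logons.
# All port, subnet and threshold values below are assumptions, not from the article.
#Requires -RunAsAdministrator

$NewRdpPort       = 3390             # assumed: any unused port above 1024
$AdminSubnet      = '10.10.5.0/24'   # assumed: the only network allowed to reach RDP
$LockoutThreshold = 5                # failed logons before the account is locked
$LockoutMinutes   = 30               # lockout duration and observation window

$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# 1. Require Network Level Authentication so credentials are verified before a
#    desktop session is created; unauthenticated clients never reach the logon screen.
Set-ItemProperty -Path $rdpKey -Name 'UserAuthentication' -Value 1 -Type DWord

# 2. Move RDP off TCP 3389. This only reduces noise from mass scanners; steps 3 and 4
#    are what actually stop password guessing.
Set-ItemProperty -Path $rdpKey -Name 'PortNumber' -Value $NewRdpPort -Type DWord

# 3. Local account lockout policy: cap failed logons so guessing is throttled.
#    (On a domain, set the same values in the Default Domain Policy instead.)
net accounts "/lockoutthreshold:$LockoutThreshold" "/lockoutduration:$LockoutMinutes" "/lockoutwindow:$LockoutMinutes"

# 4. Windows Firewall: allow the new port only from the admin subnet and block the old one.
New-NetFirewallRule -DisplayName 'RDP (restricted to admin subnet)' -Direction Inbound `
    -Protocol TCP -LocalPort $NewRdpPort -RemoteAddress $AdminSubnet -Action Allow
New-NetFirewallRule -DisplayName 'Block legacy RDP 3389' -Direction Inbound `
    -Protocol TCP -LocalPort 3389 -Action Block

# 5. Quick check for guessing already under way: failed logons (Event ID 4625) in the
#    last 24 hours, grouped by source IP. A single address with hundreds of failures
#    is a brute-force attempt worth blocking at the perimeter.
$since = (Get-Date).AddDays(-1)
Get-WinEvent -FilterHashtable @{LogName = 'Security'; Id = 4625; StartTime = $since} -ErrorAction SilentlyContinue |
    ForEach-Object {
        $xml = [xml]$_.ToXml()
        ($xml.Event.EventData.Data | Where-Object { $_.Name -eq 'IpAddress' }).'#text'
    } |
    Group-Object | Sort-Object Count -Descending | Select-Object Count, Name -First 10

# Apply the port and NLA changes. This disconnects every current RDP session.
Restart-Service TermService -Force
```

Two caveats a practitioner should keep in mind: a lockout policy lets an attacker deliberately lock out accounts by guessing against known usernames, so pair it with monitoring of Event ID 4740 (account locked out); and none of the above makes it safe to expose RDP directly to the internet. The firewall rule in step 4 assumes remote staff reach the admin subnet through a VPN or Remote Desktop Gateway with 2-factor authentication, which is the configuration point 1 calls for.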


Small- to medium-sized healthcare practices are a prime target for ransomware attacks because of the limited resources they tend to dedicate to cybersecurity measures. The first step every group should take to prevent phishing and RDP attacks from infiltrating their networks is to provide their staff with training on data privacy and the HIPAA regulations.